CVE-2016-1034

The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors.

Published: Apr 13, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1034
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: High
Score: 9.4
AV:N/AC:L/Au:N/C:C/I:C/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / creative_cloud	-	3.5.1.209.x

http://www.zerodayinitiative.com/advisories/ZDI-16-235
https://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html

Vulnerability Database

289,697

CVE-2016-1034